{"uuid": "e5b09b66-54e9-4988-ba8e-d7e10dfc27f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13528", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4094", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13528\n\ud83d\udd25 CVSS Score: 7.5 (CVSS_V3)\n\ud83d\udd39 Description: The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.9.5. This is due to the presence of a shortcode that will generate a confirmation link with a placeholder email. This makes it possible for authenticated attackers, with Contributor-level access and above, to generate a verification link for any unverified user and log into the account. The 'Fine tune placement' option must be enabled in the plugin settings in order to exploit the vulnerability.\n\ud83d\udccf Published: 2025-02-12T12:30:47Z\n\ud83d\udccf Modified: 2025-02-12T12:30:47Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13528\n2. https://plugins.trac.wordpress.org/browser/emails-verification-for-woocommerce/tags/2.9.2/includes/class-alg-wc-ev-emails.php#L151\n3. https://plugins.trac.wordpress.org/changeset/3238136\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/0b3798e3-45fe-4829-9012-dc728d4af87f?source=cve", "creation_timestamp": "2025-02-12T13:11:27.000000Z"}